[Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...
From: Hermanni Hyytiälä
Subject: [Gzz-commits] gzz/Documentation/misc/hemppah-progradu mastert...
Date: Mon, 02 Jun 2003 08:14:08 -0400
CVSROOT: /cvsroot/gzz
Module name: gzz
Changes by: Hermanni Hyytiälä <address@hidden> 03/06/02 08:14:08
Modified files:
Documentation/misc/hemppah-progradu: masterthesis.tex
Log message:
steven's comments
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/masterthesis.tex.diff?tr1=1.206&tr2=1.207&r1=text&r2=text
Patches:
Index: gzz/Documentation/misc/hemppah-progradu/masterthesis.tex
diff -u gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.206
gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.207
--- gzz/Documentation/misc/hemppah-progradu/masterthesis.tex:1.206 Mon Jun
2 02:50:41 2003
+++ gzz/Documentation/misc/hemppah-progradu/masterthesis.tex Mon Jun 2
08:14:08 2003
@@ -460,7 +460,7 @@
distance from $p_j$ to $p_i$). Pastry's \cite{rowston01pastry} distance
function supports
symmetry, but does not support unidirection. According to
\cite{balakrishanarticle03lookupp2p}, because
of XOR-metric, Kademlia's distance function is both unidirectional and
symmetric. Moreover, Kademlia's \cite{maymounkov02kademlia}
-XOR-based metric doesn't need stabilization (like in Chord
\cite{stoica01chord}) and backup links
+XOR-based metric does not need stabilization (like in Chord
\cite{stoica01chord}) and backup links
(like in Pastry \cite{rowston01pastry}).
However, in all of the above schemes, each hop in the overlay shortens the
distance between
current peer working with the data lookup and the key that was looked up in
the identifier space.
@@ -484,7 +484,7 @@
Balakrishnan et al. \cite{balakrishanarticle03lookupp2p} have listed four
requirements
for tightly structured overlays\footnote{Authors use the term 'DHT' in their
text, but in this context
-it doesn't matter as they list \emph{general} properties of tightly structured
overlays.} that have to be addressed in order
+it does not matter as they list \emph{general} properties of tightly
structured overlays.} that have to be addressed in order
to perform efficient data lookups in tightly structured overlays.
First, mapping of keys to peers must be done in a load-balanced
way. Second, the overlay must be able to forward a data lookup for a
@@ -498,7 +498,7 @@
two requirements about the nature of reference resolution. First, there should
be a general-purpose
and application-indepedent substrate for reference resolution. Second, the
references themselves
should be unstructured and semantic-free. In this text, we define unstructured
reference
-as a reference that doesn't expose the target in any way and semantic-free
reference as a reference
+as a reference that does not expose the target in any way and semantic-free
reference as a reference
that there are no directives in the reference itself which would expose how
the reference should be processed.
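Review bot: The definition that the changed line leads into still reads "semantic-free reference as a reference that there are no directives in the reference itself", which does not parse. Since the sentence is being touched anyway, reword it along the lines of "a reference that contains no directives exposing how the reference should be processed". The context line above also still has "application-indepedent" (should be "application-independent").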
@@ -882,63 +882,63 @@
The Spam generating attack \cite{naor03simpledht} is another known attack
model against a Peer-to-Peer system. In the Spam
attack, a hostile or faulty peer may produce false data information, or
refuses to (or is not able to) reply to requests.
-Naor et al. \cite{naor03simpledht} have proposed a partial solution against
Spam attack in a \emph{faulty} peer environment (not hostile).
+Naor et al. \cite{naor03simpledht} have proposed a partial solution against
this Spam attack in a \emph{faulty} peer environment (not hostile).
Overloading of targeted peers is a form of Distributed Denial of Service
attack (DDoS) (see, e.g., \cite{372148}). For instance,
a hostile entity can attempt to burden specific peers with garbage network
packets. As a consequence, peers may act incorrectly or
stop working. Daswani et al. \cite{daswani02queryflooddos} suggest efficient
load balancing
-policies for Peer-to-Peer system in order to prevent massive system failures.
They suggest a traffic model
+policies for Peer-to-Peer systems in order to prevent massive system failures.
They suggest a traffic model
that can be used to understand the effects of DDoS attacks. Sit et al.
\cite{sit02securitycons}
-suggest that identifier assignment algorithm for peers would assign identifier
with respect to network topology
-and that replicas of data should be located physically to different locations.
+suggest that an identifier assignment algorithm would assign an identifier
with respect to network topology
+and that replicas of data should be relocated physically to different
locations.
\subsection{Trust management, data authenticity and integrity}
-According to \cite{aberer01trust}, mutual trust ''...allows agents to
cooperate in a game-theoretic situation that corresponds
+According to \cite{aberer01trust}, mutual trust, ''...allows agents to
cooperate in a game-theoretic situation that corresponds
to the repeated prisoners dilemma and leads in the long term to an increased
aggregated utility for the participating agents''.
The authors of \cite{aberer01trust} define \emph{trust management} as a
mechanism that allows one to establish mutual trust. Furthermore,
\emph{reputation} is a measure
-that is derived from knowledge on interactions in the past
\cite{aberer01trust}. In this subsection, we discuss mechanisms to maintain
+that is derived from knowledge on interactions in the past
\cite{aberer01trust}. In this subsection, we briefly discuss mechanisms to
maintain
trust in Peer-to-Peer systems.
-Trust in Peer-to-Peer systems is based on \emph{reputation}. Little research
has been done on the reputation models in Peer-to-Peer
-systems, such as \cite{aberer01trust}, \cite{cornelli02reputableservents}. In
\cite{aberer01trust}, authors present a scalable
-trust management model, which can be used in Peer-to-Peer enviroment. Authors
in \cite{cornelli02reputableservents}
-suggest techniques to keep track and share information about the reputation of
a peer with others peers.
+Currently, most trust mechanisms are based on \emph{reputation}. Some research
has been done on the reputation models in Peer-to-Peer
+systems, such as \cite{aberer01trust, cornelli02reputableservents}. In
\cite{aberer01trust}, the authors present a scalable
+trust management model, which can be used in a Peer-to-Peer enviroment. The
authors in \cite{cornelli02reputableservents}
+suggest techniques to keep track of and share reputation information regarding
a peer with others peers.
-Quite recently, widely used Public Key Infrastructure (PKI) has been deployed
in distributed
+Quite recently, the widely used Public Key Infrastructure (PKI) has been
deployed in distributed
systems \cite{rivest96sdsi}, \cite{spkiworkinggroup}. PKI is a reliable
technology for securing
-data in computing systems, such as the Internet. However, in Peer-to-Peer
-networks, the problem of key-based security mechanism may be the revocation of
keys and the
+data in computing systems such as the Internet. However, in Peer-to-Peer
+networks, the problem of key-based security mechanisms may be the revocation
of keys and the
distribution of new keys in a hostile environment \cite{KohMau99}.
-ConChord \cite{ajmani02conchord} is the first Peer-to-Peer system which has a
support for PKI based
+ConChord \cite{ajmani02conchord} is the first Peer-to-Peer system which
supports the PKI based
security infrastructure. Still, however, ConChord \cite{ajmani02conchord} is
in early phase of development and lacks
-important features of PKI to be fully usable yet. Furthermore, the hierarchy
of Simple Distributed Security Infrastructure
-(SDSI) \cite{rivest96sdsi} and Simple Public Key Infrastructure (SPKI)
\cite{spkiworkinggroup} may be a problem for
+important features of PKI to be fully usable. Furthermore, the hierarchy of
the Simple Distributed Security Infrastructure
+(SDSI) \cite{rivest96sdsi} and the Simple Public Key Infrastructure (SPKI)
\cite{spkiworkinggroup} may be a problem for
Peer-to-Peer systems, in which hierarchy is intentionally missing.
-For data integrity, on the other hand, there are working techniques.
Cryptographic content hashes
-\cite{fips-sha-1}, their variations \cite{merkle87hashtree} and implementation
techniques \cite{mohr02thex}
+On the other hand for data integrity, there are working techniques.
Cryptographic content hashes
+\cite{fips-sha-1}, including their variations \cite{merkle87hashtree} and
implementation techniques \cite{mohr02thex}
are efficient and reliable methods for identifying the integrity of data in
Peer-to-Peer systems.
\subsection{Anonymity}
-According to \cite{dingledine00free}, there exist several kinds of anonymity:
author-anonymity,
+According to \cite{dingledine00free}, there exists several kinds of anonymity:
author-anonymity,
publisher-anonymity, reader-anonymity, peer-anonymity and query-ano-nymity.
Author-anonymity is a form
-of anonymity in which no one can link author (who created the document) to a
document.
-Publisher-anonymity means that no one is able to determine the publisher (who
published the document into
-the system) of a document. Reader-anonymity means that a document cannot be
linked to its readers.
-With peer-anonymity, no one is able to determine the peer, where the document
was originally published.
-Document-anonymity means that a peer doesn't know which data it is currently
hosting. Finally, query-anonymity is a form
-of document-anonymity; when other peers perform data lookups, a peer doesn't
know which data it serves
-to the data lookup originators. As the authors of \cite{dingledine00free}
cite, some forms of anonymity
-may imply each other and possible issues raised by this property is one area
of future work.
-
-Obviously, existence of several types of anonymity often conflicts with other
key properties of
-Peer-to-Peer systems. Let us consider anonymity and efficient data lookup. In
efficient data lookup, we must know
-the peers responsible for given data. Of course, when we know the peers
responsible
-for the data, the anonymity of peer is lost. Fortunately, there are partial
solutions to these kinds of
+of anonymity in which no one can link the document to its author.
+Publisher-anonymity means that no one is able to determine the document to its
publisher.
+Reader-anonymity means that a document cannot be linked to its readers.
+With peer-anonymity, no one is able to determine the peer, that originally was
published the document.
+Document-anonymity means that a peer does not know which data it is currently
hosting. Finally, query-anonymity is a form
+of document-anonymity: when other peers perform data lookups, a peer does not
know which local data is searched by
+the data lookup originators. As the authors of \cite{dingledine00free} cite,
some forms of anonymity
+may imply each other. Possible issues raised by this property is one area of
future work.
+
+Obviously, the existence of several types of anonymity often conflicts with
other key properties of
+Peer-to-Peer systems. For example, let us consider anonymity and efficient
data lookup. In an efficient data lookup, we must know the
+the peers responsible for any given data. Of course, when we know the peers
responsible
+for the data, the anonymity of a peer is lost. Fortunately, there are partial
solutions to these kinds of
situations, such as pseudonymity which is a partial form of anonymity
\cite{daswani03openproblems}.
For instance, pseudonymity can be used for addressing peer-anonymity by
providing anonymous-like identifiers to
peers (e.g., peer identifiers of a tightly structured system).
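Review bot: Several of the rewritten anonymity definitions in this hunk no longer parse, and one edit in the DDoS paragraph changes the meaning. "there exist several kinds" became "there exists several kinds", which is a regression. "no one is able to determine the document to its publisher" and "the peer, that originally was published the document" lost the verb structure the removed lines had; suggest "link the document to its publisher" and "the peer that originally published the document". "we must know the" followed by "the peers responsible" doubles the article. In the DDoS paragraph, "located physically to different locations" became "relocated physically", which turns a replica placement recommendation into a statement about moving replicas; check that against what \cite{sit02securitycons} is cited for. Still present on the added lines: "enviroment", "with others peers", "Possible issues raised by this property is", and the new comma between subject and verb in "mutual trust, ''...allows".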
@@ -1190,7 +1190,7 @@
In the random walk approach \cite{lv02searchreplication}, a peer forwards
query to a
randomly selected neighbor. The basic random walk approach
-has a poor response time but it doesn't generate as much network traffic as
+has a poor response time but it does not generate as much network traffic as
the original BFS. As suggested in \cite{lv02searchreplication}, the
random walk approach can be made more effective by introducing
multiple simultaneously working ''walkers''.
@@ -1234,7 +1234,7 @@
joseph02p2players}, which use metadata to implement search methods. The
feasibility of implementing additional
search layer on top of the network layer is questionable, especially if the
search layer and the network
layer have different assumptions about the participating peers (e.g., the
network layer supports heterogeneity
-of peers, but the search layer doesn't). Andrzejak et al. propose range
queries \cite{andrzejak02rangequeries}
+of peers, but the search layer does not). Andrzejak et al. propose range
queries \cite{andrzejak02rangequeries}
to be used with tightly structured overlays. In this technique, it is feasible
to perform data lookups
using ranges of keys thereby covering larger amount of possible data items.
Currently their prototype
is designed for the CAN system \cite{ratnasamy01can}.
@@ -1784,7 +1784,7 @@
In chapter 2, we discussed the main differences between the loosely and the
tightly structured
approach. As stated, the most significant difference is that the tightly
structured
approach has at least poly-logarithmical properties in all internal
operations, while the loosely
-structured approach doesn't always have even linear properties. Furthermore,
the
+structured approach does not always have even linear properties. Furthermore,
the
data lookup model of the tightly structured overlay scales much better than in
loosely
structured overlays; the tightly structured overlay supports global data
lookups
in the overlay, whereas the data lookup model of the loosely structured
approach
@@ -1803,7 +1803,7 @@
tolerance in presence of system flux, non-optimal distance functions in
identifier space,
proximity routing, hostile entities and flexible search
\cite{balakrishanarticle03lookupp2p}.
Additionally, there is only little real world experiments with tightly
structured systems
-(e.g., \cite{overneturl, edonkey2kurl}). Therefore, we can't say for sure, how
well these
+(e.g., \cite{overneturl, edonkey2kurl}). Therefore, we cannot say for sure,
how well these
systems would perform in real Peer-to-Peer environment. However, we believe
that these issues will be
solved in the near future, since there is a strong and wide research community
towards tightly structured
overlays \cite{projectirisurl}.
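Review bot: The added line keeps the comma in "we cannot say for sure, how well these systems would perform", which should be dropped. The context line just above, "there is only little real world experiments", has a number disagreement that this pass could fix at the same time, for example "there are only few real-world experiments".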
@@ -1928,7 +1928,7 @@
and after a network disconnection, user wants to verify \emph{off line} the
authenticity of data. Finally, if a data lookup is performed by a user, but
there is no reply
from the Fenfire system, how are we able to know if this was a Spam attack
\cite{naor03simpledht},
-or the data really doesn't exist in the system ?
+or the data really does not exist in the system ?
These problems, however, are not only limited to the Fenfire system as it
concerns all Peer-to-Peer computer systems.
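Review bot: The added line keeps the space before the question mark in "does not exist in the system ?", which LaTeX typesets as a visible gap; remove the space. In the context sentence that follows, "as it concerns" has no matching antecedent after the plural "These problems"; "as they concern" would agree.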